Towards Trustworthy Wi-Fi CSI-based Sensing: Systematic Evaluation of Adversarial Robustness

arXiv:2511.20456v2 Announce Type: replace Abstract: Machine learning drives Channel State Information (CSI)-based human sensing in modern wireless networks, enabling applications like device-free human activity recognition (HAR) and identification (HID). However, the susceptibility of these models to adversarial perturbations raises security concerns that must be quantified prior to edge deployment. We present a systematic robustness evaluation of five diverse CSI architectures across four public datasets, jointly analyzing white-box, black-box transfer, and universal attacks, together with defense strategies, under unconstrained and physics-guided perturbation boundaries. Contrary to prior assumptions, our experiments reveal that model capacity does not guarantee robustness; simple architectures consistently exhibit superior resilience compared to high-capacity sequence and vision models. Furthermore, vulnerability is fundamentally task-dependent, with HAR proving highly susceptible to attack, while HID demonstrates stark inherent resistance. Crucially, enforcing physical signal constraints drastically reduces attack success rates and significantly taxes attacker computation, showing that standard unconstrained feature-space attacks substantially overestimate real-world Over-The-Air vulnerabilities. By synthesizing attack, defense, and security metrics with strict edge hardware considerations, this work establishes foundational design principles for secure, deployable, and physically realizable wireless sensing systems.